Both the PowerShell and CLI example commands are written in a manner that assumes that the Key Vault is located in the same resource group as the VM. The value/parameter "MySecureRG" works for constructing the Key Vault ID and URL values; however, if the VM and KV do not live in the same RG, the command will fail when running "Set-AzureRmVmssDiskEncryptionExtension" or "az vm encryption enable".
This could lead to confusion and questions regarding deployment topology / security best practices. Possibly update syntax to allow for the Key Vault to be located in a different RG but still co-located in the same subscription.
Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.
Hi @cocallaw.
Thanks for taking the time to provide feedback on Azure Disk Encryption! This is an interesting idea, and I want to make sure it gets directly into the hands of the engineering team. Fortunately, we've got dedicated channels for that very purpose. :) See the Feedback for Azure Virtual Machines website. I think it’s important that you submit it directly because that allows you to receive notifications and more closely monitor the progress. I'm closing this issue as there's nothing actionable for the Azure Security Documentation team at this time.
@cocallaw Thanks for bringing this to our attention. We will now close this issue. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.
This is a documentation error, not a product error.
For clarity, the samples should have
$rgNameVM and $rgNameVault
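The two-variable form suggested in the comment above, as an added example that is not part of the thread or of the published documentation. All resource names are placeholders; the Key Vault ID and URL are read from the vault object instead of being built from the VM's resource group name, and the subscription check reflects the same-subscription condition raised in the original report.

```powershell
# Added example: placeholder names, AzureRM module as used in the thread.
$rgNameVM    = 'MyVmRG'       # resource group that holds the scale set (placeholder)
$rgNameVault = 'MyVaultRG'    # resource group that holds the Key Vault (placeholder)
$vmssName    = 'MyVmss'       # placeholder
$vaultName   = 'MyKeyVault'   # placeholder

# Look the vault up in its own resource group.
$vault = Get-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $rgNameVault
if (-not $vault) {
    throw "Key Vault '$vaultName' not found in resource group '$rgNameVault'."
}

# ResourceId has the form /subscriptions/<id>/resourceGroups/<rg>/...
# Index 2 after splitting on '/' is the subscription ID.
$vaultSubscription   = ($vault.ResourceId -split '/')[2]
$currentSubscription = (Get-AzureRmContext).Subscription.Id
if ($vaultSubscription -ne $currentSubscription) {
    throw "Key Vault is in subscription $vaultSubscription, current context is $currentSubscription."
}

# The scale set is addressed by its own resource group; the vault values
# come from the vault object, so the two groups no longer have to match.
Set-AzureRmVmssDiskEncryptionExtension `
    -ResourceGroupName $rgNameVM `
    -VMScaleSetName $vmssName `
    -DiskEncryptionKeyVaultUrl $vault.VaultUri `
    -DiskEncryptionKeyVaultId $vault.ResourceId
```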
@mestew Can you please take a look? Thanks. :)
Clarifying this with product team to determine what needs to be updated.
@cocallaw & @OffColour
I have these changes currently in the works.
Thanks @mestew
Adding issue https://github.com/Azure/azure-cli/issues/8518 from the Azure CLI for reference
@cocallaw Hey Corey, these changes should go live in the next day or so.